CVE-2021-47863

HIGH

MacPaw Encrypto 1.0.1 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47863. PoCs published by Ismael Nava.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in MacPaw Encrypto 1.0.1. The analysis includes steps to identify the vulnerable service path and confirms the issue via Windows command-line tools.

Description

MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.

Exploits (1)

exploitdb WRITEUP
by Ismael Nava · textlocalwindows
https://www.exploit-db.com/exploits/49694

This is a technical writeup detailing an unquoted service path vulnerability in MacPaw Encrypto 1.0.1. The analysis includes steps to identify the vulnerable service path and confirms the issue via Windows command-line tools.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: MacPaw Encrypto 1.0.1
Auth required
Prerequisites: Local access to the system · Ability to execute commands as an administrator
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49694
Various Sources product
https://macpaw.com/encrypto

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 2.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
MacPaw Way Ltd./Encrypto 1.0.1
Published Jan 21, 2026
Tracked Since Feb 18, 2026